Cyber Criminals Are Aiming At Business

2018 has been the year when crypto-miners first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off when it began to nosedive.
 
It’s also been the year of the mega breach (Facebook, Marriott, MyHeritage, Quora, etc.), the year when extortionists and sextortionists began increasingly capitalising on stale PII from old breaches, and the year when malicious spam replaced exploits as the favorite attack vector. Finally, 2018 has also been the year when cybercriminals definitely realised businesses are juicier targets than individuals.
 
“Over the year, we have seen more attacks against businesses, more detections of malware on their endpoints, and a greater focus on what cybercriminals consider a more lucrative target,” Malwarebytes shared in its latest yearly State of Malware report.
 
“In fact, four of our top seven business detections increased by more than 100 percent from 2017 to 2018.”
 
The biggest malware threats
Trojans – a broad designation used for malware that does not fall directly into spyware or adware or backdoor categories – tops the list of Malwarebytes’ most common business detections in all regions of the globe.
The category was topped by the Emotet family, which uses exploits (e.g., EternalBlue) to compromise unpatched systems, credential brute forcing to move laterally throughout corporate networks, and its built-in spam module to send out malicious spam and infect systems outside the network.
 
“Spyware detections have climbed significantly due to similar variants and families of Emotet and TrickBot being identified as spyware in the wild—a clear sign of the focus threat actors have placed on information stealing and establishing holds on corporate networks,” the researchers noted.
 
Emotet and TrickBot are former banking Trojans with have evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers, in other words, ideal tools for stealing ultra-sensitive data from businesses.
 
Trickbot often accompanies Emotet, as the latter drops the former as a secondary payload. Like Emotet, it exploits a SMB vulnerability (with the EternalRomance exploit) for lateral movement inside a network.
 
Ransomware is also being pushed more onto businesses. SamSam-wielding criminals continue to target organisations in many verticals, and it has recently been shared by CrowdStrike and FireEye researchers that a cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware to exclusively target enterprises which have previously been compromised via the TrickBot Trojan.
 
Other notable threats in 2018 were website data-harvesting attacks (Magecart), malicious browser extensions, plugin and browser exploits, IoT malware, and various scams.
 
What’s to Come?
With the proviso that they can only make educated guesses about the likely 2019 threats and trends, the researchers have shared their predictions for the year.
 
Interspersed among the expected ones, more IoT botnets, the slow death of crypto mining on desktops, the increase of frequency and sophistication of digital skimming, SMB vulnerabilities continuing to be challenging for organizations – are some uncommon ones:
• Sound loggers – keyloggers that are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard, will slip into the wild.
• AI will be used to create and modify malicious executables in order to avoid being detected by deployed security tools.
• Bring Your Own Security (BYOS). “More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information,” the researchers concluded.
 

HelpNetSecurity:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« US Intelligence Chief Warns Of ‘ever more diverse’ Threats
Hackers Use PayPal To Go Phishing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

SecOps Group

SecOps Group

SecOps Group is a boutique cybersecurity consultancy helping enterprises identify & eliminate security risks on a continuous basis.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

Soteria Cybersecurity

Soteria Cybersecurity

Soteria is your trusted Cybersecurity Partner in IT and OT.